From: Brendan Jackman <jackmanb@google.com>
To: Thomas Gleixner <tglx@linutronix.de>,
Ingo Molnar <mingo@redhat.com>, Borislav Petkov <bp@alien8.de>,
Dave Hansen <dave.hansen@linux.intel.com>,
"H. Peter Anvin" <hpa@zytor.com>,
Andy Lutomirski <luto@kernel.org>,
Peter Zijlstra <peterz@infradead.org>,
Richard Henderson <richard.henderson@linaro.org>,
Matt Turner <mattst88@gmail.com>,
Vineet Gupta <vgupta@kernel.org>,
Russell King <linux@armlinux.org.uk>,
Catalin Marinas <catalin.marinas@arm.com>,
Will Deacon <will@kernel.org>, Guo Ren <guoren@kernel.org>,
Brian Cain <bcain@quicinc.com>,
Huacai Chen <chenhuacai@kernel.org>,
WANG Xuerui <kernel@xen0n.name>,
Geert Uytterhoeven <geert@linux-m68k.org>,
Michal Simek <monstr@monstr.eu>,
Thomas Bogendoerfer <tsbogend@alpha.franken.de>,
Dinh Nguyen <dinguyen@kernel.org>,
Jonas Bonn <jonas@southpole.se>,
Stefan Kristiansson <stefan.kristiansson@saunalahti.fi>,
Stafford Horne <shorne@gmail.com>,
"James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>,
Helge Deller <deller@gmx.de>,
Michael Ellerman <mpe@ellerman.id.au>,
Nicholas Piggin <npiggin@gmail.com>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
Naveen N Rao <naveen@kernel.org>,
Madhavan Srinivasan <maddy@linux.ibm.com>,
Paul Walmsley <paul.walmsley@sifive.com>,
Palmer Dabbelt <palmer@dabbelt.com>,
Albert Ou <aou@eecs.berkeley.edu>,
Heiko Carstens <hca@linux.ibm.com>,
Vasily Gorbik <gor@linux.ibm.com>,
Alexander Gordeev <agordeev@linux.ibm.com>,
Christian Borntraeger <borntraeger@linux.ibm.com>,
Sven Schnelle <svens@linux.ibm.com>,
Yoshinori Sato <ysato@users.sourceforge.jp>,
Rich Felker <dalias@libc.org>,
John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>,
"David S. Miller" <davem@davemloft.net>,
Andreas Larsson <andreas@gaisler.com>,
Richard Weinberger <richard@nod.at>,
Anton Ivanov <anton.ivanov@cambridgegreys.com>,
Johannes Berg <johannes@sipsolutions.net>,
Chris Zankel <chris@zankel.net>,
Max Filippov <jcmvbkbc@gmail.com>, Arnd Bergmann <arnd@arndb.de>,
Andrew Morton <akpm@linux-foundation.org>,
Juri Lelli <juri.lelli@redhat.com>,
Vincent Guittot <vincent.guittot@linaro.org>,
Dietmar Eggemann <dietmar.eggemann@arm.com>,
Steven Rostedt <rostedt@goodmis.org>,
Ben Segall <bsegall@google.com>, Mel Gorman <mgorman@suse.de>,
Valentin Schneider <vschneid@redhat.com>,
Uladzislau Rezki <urezki@gmail.com>,
Christoph Hellwig <hch@infradead.org>,
Masami Hiramatsu <mhiramat@kernel.org>,
Mathieu Desnoyers <mathieu.desnoyers@efficios.com>,
Mike Rapoport <rppt@kernel.org>,
Arnaldo Carvalho de Melo <acme@kernel.org>,
Namhyung Kim <namhyung@kernel.org>,
Mark Rutland <mark.rutland@arm.com>,
Alexander Shishkin <alexander.shishkin@linux.intel.com>,
Jiri Olsa <jolsa@kernel.org>, Ian Rogers <irogers@google.com>,
Adrian Hunter <adrian.hunter@intel.com>,
Dennis Zhou <dennis@kernel.org>, Tejun Heo <tj@kernel.org>,
Christoph Lameter <cl@linux.com>,
Sean Christopherson <seanjc@google.com>,
Paolo Bonzini <pbonzini@redhat.com>,
Ard Biesheuvel <ardb@kernel.org>,
Josh Poimboeuf <jpoimboe@kernel.org>,
Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Cc: x86@kernel.org, linux-kernel@vger.kernel.org,
linux-alpha@vger.kernel.org, linux-snps-arc@lists.infradead.org,
linux-arm-kernel@lists.infradead.org,
linux-csky@vger.kernel.org, linux-hexagon@vger.kernel.org,
loongarch@lists.linux.dev, linux-m68k@lists.linux-m68k.org,
linux-mips@vger.kernel.org, linux-openrisc@vger.kernel.org,
linux-parisc@vger.kernel.org, linuxppc-dev@lists.ozlabs.org,
linux-riscv@lists.infradead.org, linux-s390@vger.kernel.org,
linux-sh@vger.kernel.org, sparclinux@vger.kernel.org,
linux-um@lists.infradead.org, linux-arch@vger.kernel.org,
linux-mm@kvack.org, linux-trace-kernel@vger.kernel.org,
linux-perf-users@vger.kernel.org, kvm@vger.kernel.org,
linux-efi@vger.kernel.org, Brendan Jackman <jackmanb@google.com>
Subject: [PATCH TEMP WORKAROUND RFC v2 15/29] mm: asi: Workaround missing partial-unmap support
Date: Fri, 10 Jan 2025 18:40:41 +0000 [thread overview]
Message-ID: <20250110-asi-rfc-v2-v2-15-8419288bc805@google.com> (raw)
In-Reply-To: <20250110-asi-rfc-v2-v2-0-8419288bc805@google.com>
This is a hack, no need to review it carefully. asi_unmap() doesn't
currently work unless it corresponds exactly to an asi_map() of the
exact same region.
This is mostly harmless (it's only a functional problem if you wanna
touch those pages from the ASI critical section) but it's messy. For
now, working around the only practical case that appears by moving the
asi_map call up the call stack in the page allocator, to the place where
we know the actual size the mapping is supposed to end up at.
This just removes the main case where that happens. Later, a proper
solution for partial unmaps will be needed.
Signed-off-by: Brendan Jackman <jackmanb@google.com>
---
mm/page_alloc.c | 40 ++++++++++++++++++++++++++--------------
1 file changed, 26 insertions(+), 14 deletions(-)
diff --git a/mm/page_alloc.c b/mm/page_alloc.c
index 3e98fdfbadddb1f7d71e9e050b63255b2008d167..f96e95032450be90b6567f67915b0b941fc431d8 100644
--- a/mm/page_alloc.c
+++ b/mm/page_alloc.c
@@ -4604,22 +4604,20 @@ void __init page_alloc_init_asi(void)
}
}
-static int asi_map_alloced_pages(struct page *page, uint order, gfp_t gfp_mask)
+static int asi_map_alloced_pages(struct page *page, size_t size, gfp_t gfp_mask)
{
if (!static_asi_enabled())
return 0;
if (!(gfp_mask & __GFP_SENSITIVE)) {
- int err = asi_map_gfp(
- ASI_GLOBAL_NONSENSITIVE, page_to_virt(page),
- PAGE_SIZE * (1 << order), gfp_mask);
+ int err = asi_map_gfp(ASI_GLOBAL_NONSENSITIVE, page_to_virt(page), size, gfp_mask);
uint i;
if (err)
return err;
- for (i = 0; i < (1 << order); i++)
+ for (i = 0; i < (size >> PAGE_SHIFT); i++)
__SetPageGlobalNonSensitive(page + i);
}
@@ -4629,7 +4627,7 @@ static int asi_map_alloced_pages(struct page *page, uint order, gfp_t gfp_mask)
#else /* CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION */
static inline
-int asi_map_alloced_pages(struct page *pages, uint order, gfp_t gfp_mask)
+int asi_map_alloced_pages(struct page *pages, size_t size, gfp_t gfp_mask)
{
return 0;
}
@@ -4896,7 +4894,7 @@ struct page *__alloc_pages_noprof(gfp_t gfp, unsigned int order,
trace_mm_page_alloc(page, order, alloc_gfp, ac.migratetype);
kmsan_alloc_page(page, order, alloc_gfp);
- if (page && unlikely(asi_map_alloced_pages(page, order, gfp))) {
+ if (page && unlikely(asi_map_alloced_pages(page, PAGE_SIZE << order, gfp))) {
__free_pages(page, order);
page = NULL;
}
@@ -5118,12 +5116,13 @@ void page_frag_free(void *addr)
}
EXPORT_SYMBOL(page_frag_free);
-static void *make_alloc_exact(unsigned long addr, unsigned int order,
- size_t size)
+static void *finish_exact_alloc(unsigned long addr, unsigned int order,
+ size_t size, gfp_t gfp_mask)
{
if (addr) {
unsigned long nr = DIV_ROUND_UP(size, PAGE_SIZE);
struct page *page = virt_to_page((void *)addr);
+ struct page *first = page;
struct page *last = page + nr;
split_page_owner(page, order, 0);
@@ -5132,9 +5131,22 @@ static void *make_alloc_exact(unsigned long addr, unsigned int order,
while (page < --last)
set_page_refcounted(last);
- last = page + (1UL << order);
+ last = page + (1 << order);
for (page += nr; page < last; page++)
__free_pages_ok(page, 0, FPI_TO_TAIL);
+
+ /*
+ * ASI doesn't support partially undoing calls to asi_map, so
+ * we can only safely free sub-allocations if they were made
+ * with __GFP_SENSITIVE in the first place. Users of this need
+ * to map with forced __GFP_SENSITIVE and then here we'll make a
+ * second asi_map_alloced_pages() call to do any mapping that's
+ * necessary, but with the exact size.
+ */
+ if (unlikely(asi_map_alloced_pages(first, nr << PAGE_SHIFT, gfp_mask))) {
+ free_pages_exact(first, size);
+ return NULL;
+ }
}
return (void *)addr;
}
@@ -5162,8 +5174,8 @@ void *alloc_pages_exact_noprof(size_t size, gfp_t gfp_mask)
if (WARN_ON_ONCE(gfp_mask & (__GFP_COMP | __GFP_HIGHMEM)))
gfp_mask &= ~(__GFP_COMP | __GFP_HIGHMEM);
- addr = get_free_pages_noprof(gfp_mask, order);
- return make_alloc_exact(addr, order, size);
+ addr = get_free_pages_noprof(gfp_mask | __GFP_SENSITIVE, order);
+ return finish_exact_alloc(addr, order, size, gfp_mask);
}
EXPORT_SYMBOL(alloc_pages_exact_noprof);
@@ -5187,10 +5199,10 @@ void * __meminit alloc_pages_exact_nid_noprof(int nid, size_t size, gfp_t gfp_ma
if (WARN_ON_ONCE(gfp_mask & (__GFP_COMP | __GFP_HIGHMEM)))
gfp_mask &= ~(__GFP_COMP | __GFP_HIGHMEM);
- p = alloc_pages_node_noprof(nid, gfp_mask, order);
+ p = alloc_pages_node_noprof(nid, gfp_mask | __GFP_SENSITIVE, order);
if (!p)
return NULL;
- return make_alloc_exact((unsigned long)page_address(p), order, size);
+ return finish_exact_alloc((unsigned long)page_address(p), order, size, gfp_mask);
}
/**
--
2.47.1.613.gc27f4b7a9f-goog
next prev parent reply other threads:[~2025-01-10 18:41 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-10 18:40 [PATCH RFC v2 00/29] Address Space Isolation (ASI) Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 01/29] mm: asi: Make some utility functions noinstr compatible Brendan Jackman
2025-01-16 0:18 ` Borislav Petkov
2025-01-16 10:27 ` Borislav Petkov
2025-01-16 13:22 ` Brendan Jackman
2025-01-16 14:02 ` Borislav Petkov
2025-01-10 18:40 ` [PATCH RFC v2 02/29] x86: Create CONFIG_MITIGATION_ADDRESS_SPACE_ISOLATION Brendan Jackman
2025-01-16 16:43 ` Borislav Petkov
2025-03-01 7:23 ` Mike Rapoport
2025-03-05 13:12 ` Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 03/29] mm: asi: Introduce ASI core API Brendan Jackman
2025-02-19 10:55 ` Borislav Petkov
2025-02-19 13:50 ` Brendan Jackman
2025-02-19 13:53 ` Brendan Jackman
2025-02-27 12:06 ` Borislav Petkov
2025-02-28 8:43 ` Brendan Jackman
2025-03-14 13:14 ` Borislav Petkov
2025-03-15 1:34 ` Junaid Shahid
2025-03-15 12:36 ` Borislav Petkov
2025-03-17 11:40 ` Brendan Jackman
2025-03-18 0:50 ` Junaid Shahid
2025-03-18 13:03 ` Brendan Jackman
2025-03-18 22:48 ` Junaid Shahid
2025-03-19 15:23 ` Borislav Petkov
2025-01-10 18:40 ` [PATCH RFC v2 04/29] mm: asi: Add infrastructure for boot-time enablement Brendan Jackman
2025-03-19 17:29 ` Borislav Petkov
2025-03-19 18:47 ` Yosry Ahmed
2025-03-20 10:44 ` Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 05/29] mm: asi: ASI support in interrupts/exceptions Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 06/29] mm: asi: Use separate PCIDs for restricted address spaces Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 07/29] mm: asi: Make __get_current_cr3_fast() ASI-aware Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 08/29] mm: asi: Avoid warning from NMI userspace accesses in ASI context Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 09/29] mm: asi: ASI page table allocation functions Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 10/29] mm: asi: asi_exit() on PF, skip handling if address is accessible Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 11/29] mm: asi: Functions to map/unmap a memory range into ASI page tables Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 12/29] mm: asi: Add basic infrastructure for global non-sensitive mappings Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 13/29] mm: Add __PAGEFLAG_FALSE Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 14/29] mm: asi: Map non-user buddy allocations as nonsensitive Brendan Jackman
2025-01-10 18:40 ` Brendan Jackman [this message]
2025-01-10 18:40 ` [PATCH RFC v2 16/29] mm: asi: Map kernel text and static data " Brendan Jackman
2025-01-17 11:23 ` Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 17/29] mm: asi: Map vmalloc/vmap " Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 18/29] mm: asi: Map dynamic percpu memory " Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 19/29] mm: asi: Stabilize CR3 in switch_mm_irqs_off() Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 20/29] mm: asi: Make TLB flushing correct under ASI Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 21/29] KVM: x86: asi: Restricted address space for VM execution Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 22/29] mm: asi: exit ASI before accessing CR3 from C code where appropriate Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 23/29] mm: asi: exit ASI before suspend-like operations Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 24/29] mm: asi: Add infrastructure for mapping userspace addresses Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 25/29] mm: asi: Restricted execution fore bare-metal processes Brendan Jackman
2025-02-28 15:32 ` Yosry Ahmed
2025-03-20 15:55 ` Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 26/29] x86: Create library for flushing L1D for L1TF Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 27/29] mm: asi: Add some mitigations on address space transitions Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 28/29] x86/pti: Disable PTI when ASI is on Brendan Jackman
2025-01-10 18:40 ` [PATCH RFC v2 29/29] mm: asi: Stop ignoring asi=on cmdline flag Brendan Jackman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250110-asi-rfc-v2-v2-15-8419288bc805@google.com \
--to=jackmanb@google.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=acme@kernel.org \
--cc=adrian.hunter@intel.com \
--cc=agordeev@linux.ibm.com \
--cc=akpm@linux-foundation.org \
--cc=alexander.shishkin@linux.intel.com \
--cc=andreas@gaisler.com \
--cc=anton.ivanov@cambridgegreys.com \
--cc=aou@eecs.berkeley.edu \
--cc=ardb@kernel.org \
--cc=arnd@arndb.de \
--cc=bcain@quicinc.com \
--cc=borntraeger@linux.ibm.com \
--cc=bp@alien8.de \
--cc=bsegall@google.com \
--cc=catalin.marinas@arm.com \
--cc=chenhuacai@kernel.org \
--cc=chris@zankel.net \
--cc=christophe.leroy@csgroup.eu \
--cc=cl@linux.com \
--cc=dalias@libc.org \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=deller@gmx.de \
--cc=dennis@kernel.org \
--cc=dietmar.eggemann@arm.com \
--cc=dinguyen@kernel.org \
--cc=geert@linux-m68k.org \
--cc=glaubitz@physik.fu-berlin.de \
--cc=gor@linux.ibm.com \
--cc=guoren@kernel.org \
--cc=hca@linux.ibm.com \
--cc=hch@infradead.org \
--cc=hpa@zytor.com \
--cc=irogers@google.com \
--cc=jcmvbkbc@gmail.com \
--cc=johannes@sipsolutions.net \
--cc=jolsa@kernel.org \
--cc=jonas@southpole.se \
--cc=jpoimboe@kernel.org \
--cc=juri.lelli@redhat.com \
--cc=kernel@xen0n.name \
--cc=kvm@vger.kernel.org \
--cc=linux-alpha@vger.kernel.org \
--cc=linux-arch@vger.kernel.org \
--cc=linux-arm-kernel@lists.infradead.org \
--cc=linux-csky@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-hexagon@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-m68k@lists.linux-m68k.org \
--cc=linux-mips@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=linux-openrisc@vger.kernel.org \
--cc=linux-parisc@vger.kernel.org \
--cc=linux-perf-users@vger.kernel.org \
--cc=linux-riscv@lists.infradead.org \
--cc=linux-s390@vger.kernel.org \
--cc=linux-sh@vger.kernel.org \
--cc=linux-snps-arc@lists.infradead.org \
--cc=linux-trace-kernel@vger.kernel.org \
--cc=linux-um@lists.infradead.org \
--cc=linux@armlinux.org.uk \
--cc=linuxppc-dev@lists.ozlabs.org \
--cc=loongarch@lists.linux.dev \
--cc=luto@kernel.org \
--cc=maddy@linux.ibm.com \
--cc=mark.rutland@arm.com \
--cc=mathieu.desnoyers@efficios.com \
--cc=mattst88@gmail.com \
--cc=mgorman@suse.de \
--cc=mhiramat@kernel.org \
--cc=mingo@redhat.com \
--cc=monstr@monstr.eu \
--cc=mpe@ellerman.id.au \
--cc=namhyung@kernel.org \
--cc=naveen@kernel.org \
--cc=npiggin@gmail.com \
--cc=palmer@dabbelt.com \
--cc=paul.walmsley@sifive.com \
--cc=pawan.kumar.gupta@linux.intel.com \
--cc=pbonzini@redhat.com \
--cc=peterz@infradead.org \
--cc=richard.henderson@linaro.org \
--cc=richard@nod.at \
--cc=rostedt@goodmis.org \
--cc=rppt@kernel.org \
--cc=seanjc@google.com \
--cc=shorne@gmail.com \
--cc=sparclinux@vger.kernel.org \
--cc=stefan.kristiansson@saunalahti.fi \
--cc=svens@linux.ibm.com \
--cc=tglx@linutronix.de \
--cc=tj@kernel.org \
--cc=tsbogend@alpha.franken.de \
--cc=urezki@gmail.com \
--cc=vgupta@kernel.org \
--cc=vincent.guittot@linaro.org \
--cc=vschneid@redhat.com \
--cc=will@kernel.org \
--cc=x86@kernel.org \
--cc=ysato@users.sourceforge.jp \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox